This article provides an update on the recently discovered JSON-based SQL Injection Vulnerability by Team82.
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON-based SQL and how it bypasses many name-brand WAF vendors.
The attack technique involves appending JSON syntax to SQL injection payloads. The attack affects only web applications using JSON.
Barracuda Load Balancer ADC Mitigation
The Barracuda Load Balancer ADC protect against this attack with an update in the existing SQL injection category of the Smart Signatures.
The default SQL injection medium and strict checks do not detect this variant, which employs JSON syntax. The new signature detects all identified variants of the JSON syntax-based attacks.
Barracuda Networks has pushed the new signature through Attack Definition Update version 1.222. The Release Notes is updated to reflect the changelog.
- Set Automatic Updates to ON for the Load Balancer ADC devices to receive the latest Attack Definition version 1.222.
- Set the Operating Mode for the new attack pattern "sql-tautology-conditions-json-bypass-string" to Active in the SECURITY > View Internal Patterns > Attack Types > sql-injection-medium group.
It is advised to watch out for false positives from this pattern and to contact Barracuda Networks Technical Support as required.